Slashdot videos: Now with more Slashdot!

View

Discuss

Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

An anonymous reader writes Reuters reported on Friday that Apple "has begun keeping the personal data of some Chinese users on servers in mainland China." Apple has claimed that the move is meant "to improve the speed and reliability of its iCloud service", but given China's track record with censorship and privacy, the explanation rings hollow for some skeptics. Nevertheless, Apple assures its Chinese users that their personal data on China Telecom is encrypted and that the encryption keys will be stored offshore. Only time will tell if Apple will be able to resist Chinese government requests to access its China-based servers.

They're storing mainland customer data on mainland servers. I don't see the problem with this - if the Chinese gov't wants data, they have SO many means at their disposal to capture it regardless of whether it's stored on a domestic server, or external. This is a good move, imo, as storing data in any country other than China would mean heavy latency passing through the GFW and having it likely captured elsewhere anyways.

Nevertheless, Apple assures its Chinese users that their personal data on China Telecom is encrypted and that the encryption keys will be stored offshore

This is pure marketing bullshit. How are they going to make the data available to their users if the keys are stored offshore? What use does encryption have if they have the keys and need to be able to decrypt the data on the fly, i.e. everyone with access to their servers can also decrypt the data?

The only secure way is to design the system such that the servers just see ciphertext coming in and going out. Everything else is not secure, especially if governments are involved. The Lavabit case should have made that clear once and for all even for non-experts.

It does not matter if they store the keys up at the Apple CEO's butt...If they place the servers on Chinese physical land, then it is under Chinese jurisdiction, and the Chinese government can use their normal legal interception laws to get any data they want.If they do not comply they confiscate the servers and start issuing large fines on Apple.

The only difference between "normal" US/UK/DE or whatever western world is that the Chinese has a much broader idea on what can be illegal.So i would not trust that data store for 1second.